ALT-BU-2020-3589-1
Branch p8 update bulletin.
Package cyrus-imapd updated to version 2.5.15-alt0.M80P.1 for branch p8 in task 243774.
Closed vulnerabilities
BDU:2020-01976
Уязвимость множества элементов сервера электронной почты Cyrus IMAP, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю оказать воздействие на целостность информации
Modified: 2024-11-21
CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
- FEDORA-2019-7938c21723
- FEDORA-2019-7938c21723
- FEDORA-2019-ad23a4522d
- FEDORA-2019-ad23a4522d
- 20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update
- 20191219 [SECURITY] [DSA 4590-1] cyrus-imapd security update
- GLSA-202006-23
- GLSA-202006-23
- USN-4566-1
- USN-4566-1
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
- https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html
- https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html
- DSA-4590
- DSA-4590
Package kernel-image-std-def updated to version 4.9.208-alt0.M80P.1 for branch p8 in task 243878.
Closed vulnerabilities
BDU:2019-04855
Уязвимость функции ext4_empty_dir (fs/ext4/namei.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-00233
Уязвимость SMB-клиента ядра операционной системы Linux, позволяющая нарушителю манипулировать файлами в каталоге клиента
Modified: 2024-11-21
CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://security.netapp.com/advisory/ntap-20200103-0001/
- USN-4226-1
- USN-4226-1
Modified: 2024-11-21
CVE-2019-19037
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
- https://security.netapp.com/advisory/ntap-20191205-0001/
- https://security.netapp.com/advisory/ntap-20191205-0001/